SecurityFocus News
SecurityFocus Newsletter #499 Apr 17 2009 05:02PM
sfa securityfocus com
----------------------------------------

This issue is sponsored by Cisco

Five Ways to Know Your Wireless Security

A wireless network can help your employees stay productive as they move around your company. But to take advantage of the benefits of wireless networking, you need to be sure that your network is safe from hackers and unauthorized users. Every device in a wireless network is important to security. Because a wireless LAN (WLAN) is a mobile network, you need a thorough, multilayered approach to safeguard traffic.

http://dinclinx.com/Redirect.aspx?36;4328;50;189;0;5;259;b3682945b0c3f7c4

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Facebook, Privacy and Contracts
2. Act Locally, Pwn Globally
II. BUGTRAQ SUMMARY
1. BlackBerry Enterprise Server MDS Connection Service Cross Site Scripting Vulnerability
2. phpMyAdmin Configuration File PHP Code Injection Vulnerability
3. GuestCal 'lang' Parameter Local File Include Vulnerability
4. Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
5. Aqua CMS 1.1 Multiple SQL Injection Vulnerabilities
6. AbleSpace Multiple Input Validation Vulnerabilities
7. Jamroom 't' Parameter Local File Include Vulnerability
8. Mongoose HTTP Server Directory Traversal Vulnerability
9. Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10. Sun Solaris ip(7P) Kernel Module Minor Number Allocation Local Denial Of Service Vulnerability
11. Oracle April 2009 Critical Patch Update Multiple Vulnerabilities
12. VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
13. IBM AIX 'usr/sbin/muxatmd' Local Buffer Overflow Vulnerability
14. Sun Java System Directory Server Information Disclosure Vulnerability
15. Sun Solaris Kerberos Incremental Propagation Remote Denial Of Service Vulnerability
16. MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
17. MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
18. MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
19. eLitius 'admin/manage-admin.php' Authentication Bypass Vulnerability
20. WebCollab 'tasks.php' Cross Site Scripting Vulnerability
21. MagicISO CCD/Cue File Heap Overflow Vulnerability
22. chCounter 'counter/stats/index.php' SQL Injection Vulnerability
23. Zervit HTTP Server Directory Traversal Vulnerability
24. SMA-DB 'theme/format.php' Multiple Remote File Include Vulnerabilities
25. MiniWeb Source Code Information Disclosure Vulnerability
26. MiniWeb Remote Buffer Overflow Vulnerability
27. People-Trak Login SQL Injection Vulnerability
28. FreeWebShop 'startmodules.inc.php' Local File Include Vulnerability
29. Zervit 'http.c' Remote Buffer Overflow Vulnerability
30. WANPIPE Multiple Unspecified Race Condition Vulnerabilities
31. SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability
32. Localization Client Drupal Module HTML Injection Vulnerability
33. Zazzle Store Builder Multiple Cross-Site Scripting Vulnerabilities
34. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
35. razorCMS 0.3RC2 Multiple Vulnerabilities
36. Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability
37. Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability
38. Microsoft Internet Explorer Uninitialized Memory Variant One Remote Code Execution Vulnerability
39. Microsoft Internet Explorer Uninitialized Memory Variant Three Remote Code Execution Vulnerability
40. Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability
41. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
42. Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
43. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
44. Microsoft Windows RPCSS Service Isolation Local Privilege Escalation Vulnerability
45. Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability
46. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
47. Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
48. Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
49. Microsoft Internet Explorer Uninitialized Memory Variant Two Remote Code Execution Vulnerability
50. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
51. Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
52. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability
53. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
54. Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
55. Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
56. Microsoft WordPad Text Converter Remote Code Execution Vulnerability
57. udev Path Encoding Local Denial of Service Vulnerability
58. udev Netlink Message Validation Local Privilege Escalation Vulnerability
59. Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability
60. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
61. CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
62. ejabberd MUC Logs Cross Site Scripting Vulnerability
63. Poppler Multiple Denial of Service Vulnerabilities
64. International Components for Unicode Invalid ISO Character Handling Vulnerability
65. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
66. Wireshark PN-DCP Data Format String Vulnerability
67. multipath-tools 'multipathd' Local Denial of Service Vulnerability
68. mpg123 'store_id3_text()' Memory Corruption Vulnerability
69. Multiple ESET Antivirus Products RAR File Scan Evasion Vulnerability
70. Tiny Blogr 'class.eport.php' Authentication Bypass Vulnerability
71. Multiple BitDefender Security Products RAR File Scan Evasion Vulnerability
72. Avast! Antivirus RAR File Scan Evasion Vulnerability
73. DivX Web Player 'STRF' Chunk Processing Remote Buffer Overflow Vulnerability
74. TYPO3 pmk_rssnewsexport and cm_rdfexport Extensions Unspecified SQL Injection Vulnerability
75. Drupal Printer, e-mail and PDF versions Module Content Title HTML Injection Vulnerability
76. @Mail and @Mail WebMail Email Body HTML Injection Vulnerability
77. GraphicsMagick Multiple Remote Vulnerabilities
78. CCK Comment Reference Edit Form HTML Injection Vulnerability
79. XMLPortal Search Feature Cross Site Scripting Vulnerability
80. Develop It Easy Event Calendar Multiple SQL Injection Vulnerabilities
81. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
82. ClamAV Multiple Remote Denial of Service Vulnerabilities
83. Apache Geronimo Application Server Multiple Remote Vulnerabilities
84. LightNEasy Multiple Input Validation Vulnerabilities
85. Opencosmo VisualSentinel User Agent HTML Injection Vulnerability
86. Linux Kernel 'kill_something_info()' Local Denial of Service Vulnerability
87. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
88. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
89. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
90. Job2C 'adtype' Parameter Multiple Local File Include Vulnerabilities
91. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
92. Job2C Profile Arbitrary File Upload Vulnerability
93. Fortinet FortiClient VPN Connection Name Local Format String Vulnerability
94. SAFARI Montage 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities
95. Liferay Portal Forgot-Password Cross Site Scripting Vulnerability
96. Liferay Portal Login Script Cross-Site Scripting Vulnerability
97. WikkaWiki Security Bypass Vulnerability
98. Novell Teaming User Enumeration Weakness and Multiple Cross Site Scripting Vulnerabilities
99. PowerCHM HTML File Stack Buffer Overflow Vulnerability
100. RQMS Multiple SQL Injection Vulnerabilities
III. SECURITYFOCUS NEWS
1. Browsers bashed first in hacking contest
2. Experts: U.S. needs to defend its "cyber turf"
3. Advisor: U.S. needs policy to defend cyberspace
4. Cabal forms to fight Conficker, offers bounty
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
1. HITBSecConf2009 - Malaysia: Call for Papers
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Facebook, Privacy and Contracts
On February 4, the social networking site Facebook made a minor change to its terms of service - the online contract that every user must agree to when they create an account.
Facebook was trying to solve a legitimate problem: People who deleted their accounts did not realize that information that they shared with other users would persist on their Facebook friends' accounts. Thus, they needed some way of telling users that the information might remain.
http://www.securityfocus.com/columnists/497

2. Act Locally, Pwn Globally
By Jeffrey Carr
On December 24, 2008, the Pakistani Whackerz Cr3w defaced a part of India's critical infrastructure, the Eastern Railway system Web site. The defacement appeared on a scroll feed which read: "Cyber war has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008)."
http://www.securityfocus.com/columnists/496

II. BUGTRAQ SUMMARY
--------------------
1. BlackBerry Enterprise Server MDS Connection Service Cross Site Scripting Vulnerability
BugTraq ID: 34573
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34573
Summary:
BlackBerry Enterprise Server MDS Connection Service is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Versions of BlackBerry Enterprise Server prior to 4.1.6 MR5 are vulnerable.

2. phpMyAdmin Configuration File PHP Code Injection Vulnerability
BugTraq ID: 34526
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34526
Summary:
phpMyAdmin is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.

This issue affects phpMyAdmin 3.x (prior to 3.1.3.2).

3. GuestCal 'lang' Parameter Local File Include Vulnerability
BugTraq ID: 34519
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34519
Summary:
GuestCal is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

GuestCal 2.1 is vulnerable; other versions may also be affected.

4. Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
BugTraq ID: 34552
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34552
Summary:
Apache ActiveMQ is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

To exploit these issues, an attacker must gain authenticated access to the Web Console.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Apache ActiveMQ 5.2.0 is vulnerable; other versions may also be affected.

5. Aqua CMS 1.1 Multiple SQL Injection Vulnerabilities
BugTraq ID: 34516
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34516
Summary:
Aqua CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Aqua CMS 1.1 is vulnerable; other versions may also be affected.

6. AbleSpace Multiple Input Validation Vulnerabilities
BugTraq ID: 34512
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34512
Summary:
AbleSpace is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.

AbleSpace 1.0 is vulnerable; other versions may also be affected.

7. Jamroom 't' Parameter Local File Include Vulnerability
BugTraq ID: 34511
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34511
Summary:
Jamroom is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

Jamroom 3.1.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, and 4.0.2 are vulnerable; other versions may also be affected.

8. Mongoose HTTP Server Directory Traversal Vulnerability
BugTraq ID: 34510
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34510
Summary:
Mongoose is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Mongoose 2.4 is vulnerable; other versions may also be affected.

9. Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
BugTraq ID: 34383
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34383
Summary:
The Apache 'mod_perl' module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

10. Sun Solaris ip(7P) Kernel Module Minor Number Allocation Local Denial Of Service Vulnerability
BugTraq ID: 33550
Remote: No
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/33550
Summary:
Sun Solaris 'ip(7P)' kernel module is prone to a local denial-of-service vulnerability.

Local attackers may exploit this issue to exhaust certain system resources, denying service to legitimate users.

11. Oracle April 2009 Critical Patch Update Multiple Vulnerabilities
BugTraq ID: 34461
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34461
Summary:
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:

Oracle Database
Oracle Audit Vault
Oracle Application Server
Oracle Outside In SDK HTML Export
Oracle XML Publisher
Oracle BI Publisher
Oracle E-Business Suite
PeopleSoft Enterprise PeopleTools
PeopleSoft Enterprise HRMS
Oracle WebLogic Server (formerly BEA WebLogic Server)
Oracle Data Service Integrator
Oracle AquaLogic Data Services Platform
Oracle JRockit

12. VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities
BugTraq ID: 34373
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34373
Summary:
VMware hosted products are prone to multiple remote vulnerabilities:

- Multiple denial-of-service vulnerabilities
- A privilege-escalation vulnerability
- Multiple heap-based buffer-overflow vulnerabilities
- An unauthorized-access vulnerability
- An information-disclosure vulnerability

An attacker can exploit these issues to crash the affected applications, execute arbitrary code, compromise the affected applications, gain unauthorized access, and obtain sensitive information. Other attacks are also possible.

13. IBM AIX 'usr/sbin/muxatmd' Local Buffer Overflow Vulnerability
BugTraq ID: 34543
Remote: No
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34543
Summary:
IBM AIX is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code as the affected process, possibly resulting in elevated privileges. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects AIX 5.2, 5.3, and 6.1.

14. Sun Java System Directory Server Information Disclosure Vulnerability
BugTraq ID: 34548
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34548
Summary:
Sun Java System Directory Server is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

The following are vulnerable:

Sun Java System Directory Server Enterprise Edition 5
Sun Java System Directory Server 5.2

15. Sun Solaris Kerberos Incremental Propagation Remote Denial Of Service Vulnerability
BugTraq ID: 34139
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34139
Summary:
Sun Solaris Kerberos is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue to prevent incremental propagation of messages from master to slave Key Distribution Center (KDC) servers, resulting in denial-of-service conditions.

The issue affects Solaris 10 and OpenSolaris based on builds snv_01 through snv_110.

16. MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
BugTraq ID: 34409
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34409
Summary:
MIT Kerberos is prone to a memory-corruption vulnerability because it fails to properly initialize data structures.

Successful exploits may allow remote attackers to crash Kerberos servers, including the 'kadmind' administration daemon. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level or superuser privileges, but this has not been confirmed.

Versions prior to Kerberos 5.17 and 5.1.6.4 are vulnerable.

17. MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 34408
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34408
Summary:
MIT Kerberos is prone to multiple remote denial-of-service vulnerabilities.

An attacker may exploit these issues to crash vulnerable servers, resulting in denial-of-service conditions. Some of these issues may allow attackers to obtain sensitive information.

MIT Kerberos 5 1.6.3 is vulnerable; other versions may also be affected.

18. MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
BugTraq ID: 34257
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34257
Summary:
MIT Kerberos is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue to crash vulnerable servers, resulting in denial-of-service conditions.

MIT Kerberos 5 1.6.3 is vulnerable; other versions may also be affected.

19. eLitius 'admin/manage-admin.php' Authentication Bypass Vulnerability
BugTraq ID: 34577
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34577
Summary:
eLitius is prone to an authentication-bypass vulnerability.

Attackers can exploit this issue to gain administrative access to the affected application.

The issue affects eLitius 1.0; other versions may also be affected.

20. WebCollab 'tasks.php' Cross Site Scripting Vulnerability
BugTraq ID: 34576
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34576
Summary:
WebCollab is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

WebCollab 2.40 is vulnerable; other versions may also be vulnerable.

21. MagicISO CCD/Cue File Heap Overflow Vulnerability
BugTraq ID: 34574
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34574
Summary:
MagicISO is prone to a heap-overflow vulnerability that may be triggered by a malicious '.ccd' or '.cue' file.

A successful exploit will crash the application. It may also allow an attacker to execute arbitrary code in the context of the application, but this has not been confirmed.

22. chCounter 'counter/stats/index.php' SQL Injection Vulnerability
BugTraq ID: 34572
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34572
Summary:
chCounter is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

chCounter 3.1.3 is vulnerable; other versions may also be affected.

23. Zervit HTTP Server Directory Traversal Vulnerability
BugTraq ID: 34570
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34570
Summary:
Zervit is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Zervit 0.2 is vulnerable; other versions may also be affected.

24. SMA-DB 'theme/format.php' Multiple Remote File Include Vulnerabilities
BugTraq ID: 34569
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34569
Summary:
SMA-DB is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

SMA-DB 0.3.13 is vulnerable; other versions may also be affected.

25. MiniWeb Source Code Information Disclosure Vulnerability
BugTraq ID: 34565
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34565
Summary:
MiniWeb is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.

This issue affects unknown versions of MiniWeb. We will update this BID when further details are available.

26. MiniWeb Remote Buffer Overflow Vulnerability
BugTraq ID: 34563
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34563
Summary:
MiniWeb is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

27. People-Trak Login SQL Injection Vulnerability
BugTraq ID: 34491
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34491
Summary:
People-Trak is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

28. FreeWebShop 'startmodules.inc.php' Local File Include Vulnerability
BugTraq ID: 34538
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34538
Summary:
FreeWebShop is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver process. This may aid in further attacks.

FreeWebShop 2.2.9 R2 is vulnerable; other versions may also be affected.

29. Zervit 'http.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 34530
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34530
Summary:
Zervit is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Zervit 0.2 is vulnerable; other versions may also be affected.

30. WANPIPE Multiple Unspecified Race Condition Vulnerabilities
BugTraq ID: 34542
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34542
Summary:
WANPIPE is prone to multiple unspecified race-condition vulnerabilities.

Currently, very little is known about these issues. We will update this BID as more information emerges.

Versions prior to WANPIPE 3.3.6 are vulnerable.

31. SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability
BugTraq ID: 34524
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34524
Summary:
SAP AG SAPgui KWEdit ActiveX control is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows an attacker to execute arbitrary code in the context of the application running the affected control (typically Internet Explorer).

This issue affects the following:

SAPgui 6.40 Patch Level 29 with KWEDIT.DLL 6400.1.1.41
SAPgui 7.10 Patch Level 5 with KWEDIT.DLL 7100.1.1.43

Other versions may be vulnerable as well.

32. Localization Client Drupal Module HTML Injection Vulnerability
BugTraq ID: 34546
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34546
Summary:
The Localization Client module for Drupal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

The following are vulnerable:

Localization Client 5.x prior to 5.x-1.2
Localization Client 6.x prior to 6.x-1.7

33. Zazzle Store Builder Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 34525
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34525
Summary:
Zazzle Store Builder is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Zazzle Store Builder 1.0.2 is vulnerable; other versions may also be affected.

34. Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
BugTraq ID: 34240
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34240
Summary:
Sun Java Runtime Environment and Java Development Kit are prone to multiple security vulnerabilities.

Successful exploits may allow attackers to violate the same-origin policy, obtain sensitive information, bypass security restrictions, run untrusted applets with elevated privileges, and cause denial-of-service conditions. This may result in a compromise of affected computers.

These issues affect versions *prior to* the following:

JDK and JRE 6 Update 13
JDK and JRE 5.0 Update 18
SDK and JRE 1.4.2_20
SDK and JRE 1.3.1_25

35. razorCMS 0.3RC2 Multiple Vulnerabilities
BugTraq ID: 34566
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34566
Summary:
razorCMS is prone to a local information-disclosure vulnerability, a local access-validation vulnerability, a security-bypass vulnerability, and multiple cross-site-scripting vulnerabilities.

Attackers can exploit these issues to gain access to sensitive information, create denial-of-service conditions, gain elevated privileges, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Successful exploits may aid in further attacks.

razorCMS 0.3RC2 is vulnerable; other versions may also be affected.

36. Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability
BugTraq ID: 34444
Remote: No
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34444
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers.

The issue affects the following:

Windows Vista
Windows Server 2008

37. Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability
BugTraq ID: 34460
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34460
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle compressed media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

38. Microsoft Internet Explorer Uninitialized Memory Variant One Remote Code Execution Vulnerability
BugTraq ID: 34423
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34423
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

39. Microsoft Internet Explorer Uninitialized Memory Variant Three Remote Code Execution Vulnerability
BugTraq ID: 34426
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34426
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

40. Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability
BugTraq ID: 29445
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/29445
Summary:
A vulnerability in Apple Safari on the Microsoft Windows operating system stems from a combination of security issues in Safari and all versions of Windows XP and Vista that will allow executables to be downloaded to a user's computer and run without prompting.

A vulnerability in Safari, known as the 'carpet-bombing' issue reported by Nitesh Dhanjani, allows an attacker to silently place malicious DLL files on a victim's computer. A problem in Internet Explorer, reported in December of 2006 by Aviv Raff, can then be used to run those malicious DLLs.

An attacker can exploit this issue by tricking a victim into visiting a malicious page with Safari; the malicious files will run when the victim starts Internet Explorer.

41. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
BugTraq ID: 33428
Remote: No
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/33428
Summary:
Linux Kernel is prone to two denial-of-service vulnerabilities.

A local unprivileged attacker can exploit these issues to cause a vulnerable system to crash, resulting in denial-of-service conditions.

These issues affect versions prior to Linux Kernel 2.6.27.13 and 2.6.28.2.

42. Linux Kernel 'keyctl_join_session_keyring()' Denial of Service Vulnerability
BugTraq ID: 33339
Remote: No
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/33339
Summary:
The Linux kernel is prone to a denial-of-service vulnerability because it fails to manage memory in a proper manner.

Attackers can exploit this issue to cause a crash by exhausting memory resources.

This issue affects Linux kernel 2.6.x.

43. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.

44. Microsoft Windows RPCSS Service Isolation Local Privilege Escalation Vulnerability
BugTraq ID: 34443
Remote: No
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34443
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers.

The issue affects the following:

Windows XP SP2
Windows Server 2003

45. Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability
BugTraq ID: 34442
Remote: No
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34442
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers.

The issue affects the following:

Windows XP SP2
Windows Server 2003
Windows Vista
Windows Server 2008

46. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability
BugTraq ID: 28833
Remote: No
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/28833
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow authenticated users to elevate their privileges to NetworkService. This allows attackers to execute code with elevated privileges and aids in further exploits.

47. Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
BugTraq ID: 34439
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34439
Summary:
Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM (NT LAN Manager) credentials. A successful exploit would let an attacker execute arbitrary code in the context of the affected user.

48. Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
BugTraq ID: 34438
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34438
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions.

49. Microsoft Internet Explorer Uninitialized Memory Variant Two Remote Code Execution Vulnerability
BugTraq ID: 34424
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34424
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

50. Ghostscript 'CCITTFax' Decoding Filter Denial of Service Vulnerability
BugTraq ID: 34337
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34337
Summary:
Ghostscript is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to crash the application and possibly to execute code, but this has not been confirmed.

51. Ghostscript Multiple Input Validation and Integer Overflow Vulnerabilities
BugTraq ID: 34184
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34184
Summary:
Ghostscript is prone to multiple integer-overflow and input-validation vulnerabilities.

Successful exploits may allow remote attackers to execute arbitrary code in the context of the user running the affected application. Failed attacks will cause denial-of-service conditions.

52. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability
BugTraq ID: 29769
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/29769
Summary:
Microsoft Word is prone to a remote memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open and interact with malicious Word files.

Successfully exploiting this issue will corrupt memory and crash the application. Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of the currently logged-in user.

53. Ghostscript 'jbig2dec' JBIG2 Processing Buffer Overflow Vulnerability
BugTraq ID: 34445
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34445
Summary:
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Ghostscript 8.64 is vulnerable; other versions may also be affected.

54. Ghostscript 'gdevpdtb.c' Buffer Overflow Vulnerability
BugTraq ID: 34340
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34340
Summary:
Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

Versions prior to Ghostscript 8.64 are affected.

55. Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
BugTraq ID: 34469
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34469
Summary:
Microsoft Word 2000 is prone to a remote code-execution vulnerability because it fails to properly validate an unspecified string when parsing a WordPerfect document.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

56. Microsoft WordPad Text Converter Remote Code Execution Vulnerability
BugTraq ID: 32718
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/32718
Summary:
Microsoft WordPad is prone to a remote code-execution vulnerability because of an unspecified error that may result in corrupted memory.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

57. udev Path Encoding Local Denial of Service Vulnerability
BugTraq ID: 34539
Remote: No
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34539
Summary:
The 'udev' Linux application is prone to a local denial-of-service vulnerability.

Exploiting this issue allows local attackers to crash the application. Attackers may also be able to execute code with elevated privileges, but this has not been confirmed.

This issue affects udev as shipped with Ubuntu Linux releases; other versions may also be vulnerable.

58. udev Netlink Message Validation Local Privilege Escalation Vulnerability
BugTraq ID: 34536
Remote: No
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34536
Summary:
The 'udev' Linux application is prone to a local privilege-escalation vulnerability because it fails to properly handle netlink messages.

Local attackers may exploit this issue to gain elevated privileges, which may lead to a complete compromise of the system.

This issue affects udev as shipped with Ubuntu Linux releases; other versions may also be vulnerable.

59. Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability
BugTraq ID: 34470
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34470
Summary:
Microsoft WordPad is prone to a remote code-execution vulnerability because of a stack-based buffer overflow that may result in corrupted memory.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

60. Xpdf JBIG2 Processing Multiple Security Vulnerabilities
BugTraq ID: 34568
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34568
Summary:
Xpdf is prone to multiple security vulnerabilities.

Exploiting these issues may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect multiple applications on multiple platforms that utilize the affected library.

61. CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
BugTraq ID: 34571
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34571
Summary:
CUPS is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied TIFF image sizes before using them to allocate memory buffers.

Successful exploits may allow attackers to execute arbitrary code with the privileges of a user running the utilities. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to CUPS 1.3.10 are vulnerable.

62. ejabberd MUC Logs Cross Site Scripting Vulnerability
BugTraq ID: 34133
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34133
Summary:
The 'ejabberd' application is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

Versions prior to ejabberd 2.0.4 are vulnerable.

63. Poppler Multiple Denial of Service Vulnerabilities
BugTraq ID: 33749
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/33749
Summary:
Poppler is prone to multiple denial-of-service vulnerabilities when handling malformed PDF files.

Successfully exploiting this issue allows remote attackers to crash applications that use the vulnerable library, denying service to legitimate users.

These issues affect versions prior to Poppler 0.10.4.

64. International Components for Unicode Invalid ISO Character Handling Vulnerability
BugTraq ID: 29488
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/29488
Summary:
The International Components for Unicode (ICU) is prone to a vulnerability related to the handling of certain invalid character sequences.

An attacker may leverage this vulnerability to bypass content filters. This may lead to cross-site scripting attacks or the disclosure of sensitive information in some cases. Other attacks are also possible.

NOTE: This issue was previously covered in BID 29412 (Apple Mac OS X 2008-003 Multiple Security Vulnerabilities), but has been given its own record to better document the vulnerability.

NOTE: This BID was formerly titled 'Apple Mac OS X International Components for Unicode Information Disclosure Vulnerability', but has been updated to better reflect the issue and the underlying vulnerable component.

65. Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 34457
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34457
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

Versions prior to Wireshark 1.0.7 are vulnerable.

66. Wireshark PN-DCP Data Format String Vulnerability
BugTraq ID: 34291
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34291
Summary:
Wireshark is prone to a format-string vulnerability.

Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.

Wireshark 1.0.6 is vulnerable; other versions may also be affected.

67. multipath-tools 'multipathd' Local Denial of Service Vulnerability
BugTraq ID: 34410
Remote: No
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34410
Summary:
The 'multipath-tools' module is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to disrupt access to storage devices and corrupt filesystem data.

68. mpg123 'store_id3_text()' Memory Corruption Vulnerability
BugTraq ID: 34381
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34381
Summary:
The 'mpg123' program is prone to a memory-corruption vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer.

Exploiting this issue may allow a remote attacker to overwrite memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application and to compromise the affected computer.

This issue affects mpg123 1.7.1 and earlier.

69. Multiple ESET Antivirus Products RAR File Scan Evasion Vulnerability
BugTraq ID: 34582
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34582
Summary:
Multiple ESET products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

The following are vulnerable:

ESET Smart Security 4
ESET NOD32 Antivirus 4
ESET Smart Security 4 Business Edition
ESET NOD32 Antivirus 4 Business Edition
ESET NOD32 Antivirus for Exchange Server
ESET Mail Security
ESET NOD32 Antivirus for Lotus Domino Server
ESET File Security
ESET Novell Netware
ESET DELL STORAGE SERVERS
ESET NOD32 Antivirus for Linux gateway devices

70. Tiny Blogr 'class.eport.php' Authentication Bypass Vulnerability
BugTraq ID: 34581
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34581
Summary:
Tiny Blogr is prone to an authentication-bypass vulnerability.

Attackers can exploit this issue to gain administrative access to the affected application.

Tiny Blogr 1.0.0 rc4 is vulnerable; other versions may also be affected.

71. Multiple BitDefender Security Products RAR File Scan Evasion Vulnerability
BugTraq ID: 34580
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34580
Summary:
Multiple BitDefender security products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the affected security application will fail to detect.

72. Avast! Antivirus RAR File Scan Evasion Vulnerability
BugTraq ID: 34578
Remote: Yes
Last Updated: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34578
Summary:
Avast! Antivirus is prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

73. DivX Web Player 'STRF' Chunk Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 34523
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34523
Summary:
DivX Web Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

DivX Web Player 1.4.2.7 is vulnerable; other versions may also be affected.

74. TYPO3 pmk_rssnewsexport and cm_rdfexport Extensions Unspecified SQL Injection Vulnerability
BugTraq ID: 34544
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34544
Summary:
The TYPO3 pmk_rssnewsexport and cm_rdfexport extensions are prone to an unspecified SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

75. Drupal Printer, e-mail and PDF versions Module Content Title HTML Injection Vulnerability
BugTraq ID: 34545
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34545
Summary:
The 'Printer, e-mail and PDF versions' module for Drupal is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Versions prior to 'Printer, e-mail and PDF versions' 5.x-4.5 and 6.x-1.5 are vulnerable.
http://drupal.org/node/207891

76. @Mail and @Mail WebMail Email Body HTML Injection Vulnerability
BugTraq ID: 34529
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34529
Summary:
@Mail and @Mail WebMail are prone to an HTML-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in dynamically generated content.

Hostile HTML and script code may be injected into vulnerable sections of the application. When viewed, this code may be rendered in the browser of a user viewing a malicious site.

77. GraphicsMagick Multiple Remote Vulnerabilities
BugTraq ID: 29583
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/29583
Summary:
GraphicsMagick is prone to multiple vulnerabilities, including multiple heap-based buffer-overflow issues and denial-of-service issues.

Successfully exploiting these issues will allow an attacker to execute arbitrary code in the context of the affected application and to crash the application.

The vulnerabilities affect versions prior to GraphicsMagick 1.1.14 and 1.2.3.

78. CCK Comment Reference Edit Form HTML Injection Vulnerability
BugTraq ID: 34547
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34547
Summary:
CCK Comment Reference module for Drupal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Versions prior to CCK 6.x-1.2 are vulnerable.

79. XMLPortal Search Feature Cross Site Scripting Vulnerability
BugTraq ID: 34541
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34541
Summary:
XMLPortal is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

XMLPortal 3.0 is vulnerable; other versions may also be affected.

80. Develop It Easy Event Calendar Multiple SQL Injection Vulnerabilities
BugTraq ID: 32148
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/32148
Summary:
Develop It Easy Event Calendar is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Event Calendar 1.2 is vulnerable; other versions may also be affected.

81. OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
BugTraq ID: 33150
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/33150
Summary:
OpenSSL is prone to a signature-verification vulnerability.

An attacker would likely leverage this issue by first carrying out a man-in-the-middle attack. The attacker would most likely exploit this issue to conduct phishing attacks or to impersonate legitimate sites. Other attacks are likely possible.

Releases prior to OpenSSL 0.9.8j are affected.

82. ClamAV Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 34357
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34357
Summary:
ClamAV is prone to multiple denial-of-service vulnerabilities when handling malformed files.

Successfully exploiting these issues allows remote attackers to deny service to legitimate users.

Versions prior to ClamAV 0.95 are vulnerable.

83. Apache Geronimo Application Server Multiple Remote Vulnerabilities
BugTraq ID: 34562
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34562
Summary:
Apache Geronimo Application Server is prone to multiple remote vulnerabilities:

- Multiple directory-traversal vulnerabilities
- A cross-site scripting vulnerability
- Multiple HTML-injection vulnerabilities
- A cross-site request-forgery vulnerability

Attackers can exploit these issues to obtain sensitive information, upload arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, and perform certain administrative actions.

Apache Geronimo 2.1 through 2.1.3 are vulnerable.

84. LightNEasy Multiple Input Validation Vulnerabilities
BugTraq ID: 28801
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/28801
Summary:
LightNEasy is prone to multiple vulnerabilities, including SQL-injection, security-bypass, and information-disclosure issues, because it fails to sufficiently sanitize user-supplied data.

Successful exploits of these vulnerabilities may allow attackers to:

- compromise the application
- access or modify data
- exploit latent vulnerabilities in the underlying database
- view files and execute local scripts in the context of the webserver process
- execute arbitrary PHP script code in the context of the webserver process

These issues affect LightNEasy 1.2.2 and prior versions.

85. Opencosmo VisualSentinel User Agent HTML Injection Vulnerability
BugTraq ID: 29447
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/29447
Summary:
Opencosmo VisualSentinel is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code injected through this vulnerability would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

86. Linux Kernel 'kill_something_info()' Local Denial of Service Vulnerability
BugTraq ID: 34558
Remote: No
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34558
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to signal all processes on the affected computer, resulting in a denial-of-service condition.

Linux Kernel versions 2.6.24 through 2.6.27.12 are vulnerable.

87. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
BugTraq ID: 33846
Remote: No
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/33846
Summary:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.8 are vulnerable.

88. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
BugTraq ID: 33948
Remote: No
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/33948
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass access control and make restricted system calls, which may result in an elevation of privileges.

89. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
BugTraq ID: 34205
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34205
Summary:
The Linux Kernel is prone to an unauthorized-access vulnerability that can occur when users with certain capabilities connect to the 'nfsd' service.

An attacker with authenticated access to the affected application can exploit this issue to perform privileged operations on a vulnerable computer; this may aid in further attacks.

90. Job2C 'adtype' Parameter Multiple Local File Include Vulnerabilities
BugTraq ID: 34537
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34537
Summary:
Job2C is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to view local files and execute local scripts within the context of the webserver process. A successful attack can allow the attacker to obtain sensitive information or gain unauthorized access to an affected computer in the context of the vulnerable application.

Job2C 4.2 is vulnerable; other versions may also be affected.

91. D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
BugTraq ID: 31602
Remote: No
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/31602
Summary:
D-Bus is prone to a local denial-of-service vulnerability because it fails to handle malformed signatures contained in messages.

Local attackers can exploit this issue to crash an application that uses the affected library, denying service to legitimate users.

This issue affects D-BUS 1.2.1; other versions may also be affected.

92. Job2C Profile Arbitrary File Upload Vulnerability
BugTraq ID: 34535
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34535
Summary:
Job2C is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Job2C 4.2 is vulnerable; other versions may also be affected.

93. Fortinet FortiClient VPN Connection Name Local Format String Vulnerability
BugTraq ID: 34343
Remote: No
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34343
Summary:
Fortinet FortiClient is prone to a local format-string vulnerability because it fails to adequately sanitize user-supplied input before passing it to a formatted-printing function.

Successfully exploiting this issue will allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the computer. Failed exploit attempts will likely result in a denial of service.

FortiClient 3.0.614 is vulnerable; other versions may also be affected.

94. SAFARI Montage 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 29343
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/29343
Summary:
SAFARI Montage is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

SAFARI Montage 3.1.3 is vulnerable; other versions may also be affected.

95. Liferay Portal Forgot-Password Cross Site Scripting Vulnerability
BugTraq ID: 26606
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/26606
Summary:
Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Liferay Portal 4.3.1 is vulnerable; other versions may also be affected.

96. Liferay Portal Login Script Cross-Site Scripting Vulnerability
BugTraq ID: 26470
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/26470
Summary:
Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Liferay Portal 4.1.0 and 4.1.1 are vulnerable; other versions may also be affected.

97. WikkaWiki Security Bypass Vulnerability
BugTraq ID: 34528
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34528
Summary:
WikkaWiki is prone to a security-bypass vulnerability that occurs when certain HTTP requests are processed.

Attackers may exploit the issue to bypass certain security restrictions and carry out administrative actions.

WikkaWiki 1.1.6.6 is vulnerable; other versions may also be affected.

98. Novell Teaming User Enumeration Weakness and Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 34531
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34531
Summary:
Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities.

A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perform brute-force attacks; other attacks are also possible.

The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Novell Teaming 1.0.3 is vulnerable; other versions may also be affected.

99. PowerCHM HTML File Stack Buffer Overflow Vulnerability
BugTraq ID: 34517
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34517
Summary:
PowerCHM is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

PowerCHM 5.7 is vulnerable; other versions may also be affected.

100. RQMS Multiple SQL Injection Vulnerabilities
BugTraq ID: 34518
Remote: Yes
Last Updated: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34518
Summary:
RQMS (RASH Quote Management System) is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

RQMS 1.2.1 and 1.2.2 are vulnerable; other versions may also be affected.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

2. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

3. Advisor: U.S. needs policy to defend cyberspace
By: Robert Lemos
An Obama transition-team member argues that any future cyber policy needs to deal with the role of the intelligence community, the militarization of cyberspace and designating a lead disaster agency.
http://www.securityfocus.com/news/11547

4. Cabal forms to fight Conficker, offers bounty
By: Robert Lemos
Microsoft offers $250,000 for information leading to the arrest of the author and, along with security firms and Internet service providers, pledges to work to prevent the prolific worm from spreading further.
http://www.securityfocus.com/news/11546

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
1. HITBSecConf2009 - Malaysia: Call for Papers
http://www.securityfocus.com/archive/82/502703

VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

XI. SPONSOR INFORMATION
------------------------
